Login user through API

Hi,

I am trying to implement a user login through a token for clients so they can log in using just a token. This is because we are trying to implement white-label functionality so users from an external DB can access the application without logging in to our app.

Steps that I am aiming for:

  1. Tenant user creates a user using our app. We provide a token or ID associated with Auth0 for the tenant so it saves it into their DB.
  2. The client app uses that token provided along with security measures to submit a POST request and retrieve an access token which regular users will use to access our app without going through the regular auth process.
  3. It is important to handle the refresh token so users are not logged out too soon; in case that happens, users will need to repeat the same process in order to log in again.

How viable is this?

Hi @vicente1

We do have the client credentials grant (also known as Machine to Machine) which is your “login with a token” functionality.

However, I am not sure this is the best. Are your users people or machines? If the former, you probably should not be using client credentials.

We do support 3rd party apps, where they log in to their app using your Auth0 connection. That may be appropriate.

Be careful with this one - it is not the standard login flow and so you should analyze the security of the solution you come up with carefully.

John

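To illustrate the "people or machines" point in the reply above, here is an added example (not code from the thread or from Auth0) showing that a client credentials token request carries no end-user identity, and how an API can refuse such tokens on user-facing routes. It assumes the token signature has already been verified and relies on Auth0 marking machine-to-machine tokens with `gty: client-credentials` and a `sub` ending in `@clients`; the domain, IDs and claim values are constructed.

```python
from urllib.parse import urlencode


def client_credentials_request(domain, client_id, client_secret, audience):
    """Build the client credentials token request (RFC 6749, section 4.4).

    Every field identifies the calling application; none identifies a person.
    """
    url = f"https://{domain}/oauth/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
    })
    return url, body


def principal_type(claims):
    """Classify already-verified access token claims as 'machine' or 'user'."""
    subject = str(claims.get("sub", ""))
    if claims.get("gty") == "client-credentials" or subject.endswith("@clients"):
        return "machine"
    return "user"


def authorize_user_route(claims):
    """Gate for endpoints that act on behalf of one person.

    Returns the user id used for per-user authorization and audit logging.
    """
    if principal_type(claims) != "user":
        raise PermissionError("machine token cannot act as an end user")
    return claims["sub"]


# Constructed sample claims (not real tokens).
M2M_CLAIMS = {"sub": "constructedClientId@clients", "gty": "client-credentials",
              "aud": "https://api.example.com"}
USER_CLAIMS = {"sub": "auth0|constructed-user-1", "aud": "https://api.example.com"}

if __name__ == "__main__":
    print(client_credentials_request("tenant.example.com", "constructedClientId",
                                     "constructed-secret", "https://api.example.com"))
    print(principal_type(M2M_CLAIMS), principal_type(USER_CLAIMS))
```

If every tenant user shared one machine token, the API would see the same `sub` for all of them and could not authorize, audit or revoke access per person.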